
Mixmaster is the Type II remailer protocol and the most popular implementation of it. Remailers provide protection against traffic analysis and allow sending email anonymously or pseudonymously. Mixmaster consists of both client and server installations and is designed to run on several operating systems, including but not limited to *BSD, Linux and Microsoft Windows.

Mixminion is the standard implementation of the Type III anonymous remailer protocol. Mixminion uses a mix network architecture to provide strong anonymity and to prevent eavesdroppers and other attackers from linking senders and recipients. Volunteers run servers (called "mixes") that receive messages, decrypt them, re-order them, and re-transmit them toward their eventual destination. Every e-mail passes through several mixes, so that no single mix can link message senders with recipients.

Many P2P systems try to implement anonymity at the application layer instead of at a lower-level network layer. A robust, free infrastructure that can anonymize any Internet traffic would benefit a wide array of existing protocols and current P2P systems, since the anonymous connection could seamlessly replace the current connection.
Our main design goals, ordered by priority:

Application independence: the system should provide the abstraction of an IP tunnel and perform transparently to user applications.

Anonymity against malicious nodes: it should ensure that colluding nodes cannot link a participating host as the sender (or recipient) of any message.

Fault-tolerance and availability: the system should resist an adversary's attempts to overload the system or to block system entry or exit points. It should minimize the damage any one adversary can cause by running a few compromised machines.

Performance: the system should maximize the performance of tunnel transmission, subject to our anonymity requirements.

Anonymity against a global eavesdropper: an adversary observing the entire network should be unable to determine which system relay initiates a particular message.

Herbivore is a peer-to-peer, self-organizing anonymous communication system that is resilient to subversion. Herbivore conceals the identity of communicating parties, ensuring that eavesdroppers with unlimited wiretapping abilities cannot determine the source or destination of a message.
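The property claimed above, anonymity against an eavesdropper who sees every wire, is not achievable by mixing alone; Herbivore gets it from Chaum's dining-cryptographers protocol (DC-net), in which every participant in a small group broadcasts a pad-like value each round and the XOR of all broadcasts yields the one message being sent. The following is an added illustration of that primitive, written for this page and not Herbivore's own code. It assumes a small clique of n participants, each pair sharing a secret seed (in practice established by a key exchange, here constructed inline), and it leaves out Herbivore's slot-reservation step, which is what prevents two senders from colliding in the same round.

```python
"""Toy dining-cryptographers (DC-net) round.

Added illustration of the primitive Herbivore builds on; not Herbivore's code.
Assumptions: n participants, every pair shares a secret seed (constructed below
instead of coming from a key exchange), and no slot reservation, so two senders
in one round collide.
"""
import hashlib
from itertools import combinations
from typing import Dict, List, Optional

SLOT = 32  # bytes transmitted per round


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pair_pad(seed: bytes, round_no: int) -> bytes:
    """Pad shared by one pair for this round; both members derive the same value."""
    return hashlib.sha256(seed + round_no.to_bytes(4, "big")).digest()[:SLOT]


def participant_output(me: int, n: int, seeds: Dict[frozenset, bytes],
                       round_no: int, message: Optional[bytes] = None) -> bytes:
    """What participant `me` broadcasts: the XOR of all its pairwise pads, plus its
    message if it is this round's sender. Everyone else contributes pads only, so
    every broadcast looks like random bytes to an observer without the seeds."""
    out = bytes(SLOT)
    for other in range(n):
        if other != me:
            out = xor(out, pair_pad(seeds[frozenset((me, other))], round_no))
    if message is not None:
        out = xor(out, message.ljust(SLOT, b"\x00"))
    return out


def combine(outputs: List[bytes]) -> bytes:
    """Each pad appears in exactly two broadcasts and cancels; only the message survives."""
    total = bytes(SLOT)
    for o in outputs:
        total = xor(total, o)
    return total.rstrip(b"\x00")


def run_round(n: int, seeds: Dict[frozenset, bytes], round_no: int,
              senders: Dict[int, bytes]):
    """`senders` maps participant index -> message for everyone transmitting this round.
    Returns (all broadcasts as the eavesdropper sees them, the recovered message)."""
    outputs = [participant_output(i, n, seeds, round_no, senders.get(i)) for i in range(n)]
    return outputs, combine(outputs)


def make_seeds(n: int) -> Dict[frozenset, bytes]:
    # Constructed sample seeds; a deployment derives these from a pairwise key exchange.
    return {frozenset(p): hashlib.sha256(f"pair{p}".encode()).digest()
            for p in combinations(range(n), 2)}


def demo():
    n, seeds = 4, make_seeds(4)
    msg = b"hello anonymity"
    # Participant 2 sends; the eavesdropper records all four broadcasts.
    outputs, recovered = run_round(n, seeds, 1, {2: msg})
    # Same round with participant 0 as sender: broadcasts change, the result does not,
    # and no individual broadcast ever carries the message in the clear.
    outputs_other, recovered_other = run_round(n, seeds, 1, {0: msg})
    leak = any(o.startswith(msg) for o in outputs + outputs_other)
    # Without slot reservation two senders collide: the XOR of both messages comes out.
    _, collided = run_round(n, seeds, 2, {0: b"AAAA", 3: b"BBBB"})
    return recovered, recovered_other, leak, collided


if __name__ == "__main__":
    print(demo())
```

The anonymity here is information-theoretic: the eavesdropper learns the message from the XOR of all broadcasts but, lacking the pairwise seeds, sees every broadcast as equally random, whichever participant added the message. The cost, visible in the collision case, is that only one participant may send per round, which is why Herbivore adds a reservation phase and keeps its groups small.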

Tor (second-generation onion routing) is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Mix cascades: chains of mixes run by various independent operators. They typically consist of three mixes: a first mix (IN) which receives requests from the users, a middle mix (MIDDLE) which only forwards traffic to other mixes, and a last mix (OUT) which sends the real outgoing requests to Internet resources.

InfoService: a separate service which provides information about the available mixes and mix cascades, the number of users currently using the mix cascades, and their current workload.

JAP / JonDo: the client program installed on the user's computer. Its primary use is to establish encrypted connections to mix cascades. For trademark reasons, JAP will be renamed to JonDo for the commercial service. The users are called JonDonauts (resembling the term "astronauts").

How it works:

All requests of the web browser have to be processed by the JAP / JonDo program instead of accessing the Internet directly. JAP encrypts the data and sends it to the first mix of a mix cascade. The first mix then mixes the data with that of other users and sends it to the second mix station, which passes it on to the third mix station, which decrypts the data and sends it through a cache proxy to the Internet.

Each mix carries out cryptographic operations on the message so that the JAP-encrypted data is only readable after having passed through the proper mixes in the proper order. This ensures that an eavesdropper either receives only unreadable (encrypted) data or can no longer determine the sender. For this to work, only one mix in the cascade needs to be trusted not to reveal to the eavesdropper how it permuted the messages. The more users that use the cascade, the harder it is for an observer to distinguish single users.
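The layered encryption and batch mixing described in the two paragraphs above (and the decrypt, re-order, re-transmit step in the Mixminion paragraph earlier on this page) can be shown end to end. The following is an added illustration written for this page, not JAP/JonDo or Mixminion code. It assumes each mix shares a symmetric key with the client (standing in for the public-key exchange the real systems use), uses a toy SHA-256 keystream cipher with an HMAC tag only because that needs nothing outside the standard library, and pads every request to a fixed cell size so that message length does not single out a user.

```python
"""Toy three-mix cascade with layered encryption and batch shuffling.

Added illustration, not JAP/JonDo or Mixminion code. Assumptions: each mix
shares a symmetric key with the client (the public-key exchange that would
establish it is omitted), and the cipher is a toy (SHA-256 keystream + HMAC)
chosen only because it runs with the standard library alone.
"""
import hashlib
import hmac
import os
import secrets
from typing import List

MSG_SIZE = 64      # every plaintext is padded to this many bytes
NONCE_SIZE = 16
TAG_SIZE = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _derive(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def encrypt_layer(key: bytes, data: bytes) -> bytes:
    """Wrap one layer: nonce || ciphertext || HMAC(nonce || ciphertext).
    A fresh nonce makes identical inputs produce unrelated ciphertexts."""
    nonce = os.urandom(NONCE_SIZE)
    ks = _keystream(_derive(key, b"enc"), nonce, len(data))
    body = nonce + bytes(a ^ b for a, b in zip(data, ks))
    return body + hmac.new(_derive(key, b"mac"), body, hashlib.sha256).digest()


def decrypt_layer(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; raises ValueError if this layer was not made for this key."""
    body, tag = blob[:-TAG_SIZE], blob[-TAG_SIZE:]
    expected = hmac.new(_derive(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or wrong mix order")
    nonce, ct = body[:NONCE_SIZE], body[NONCE_SIZE:]
    ks = _keystream(_derive(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def pad(msg: bytes) -> bytes:
    if len(msg) >= MSG_SIZE:
        raise ValueError("message too long for the fixed cell size")
    return msg + b"\x80" + b"\x00" * (MSG_SIZE - len(msg) - 1)


def unpad(cell: bytes) -> bytes:
    return cell[: cell.rindex(b"\x80")]


def wrap_for_cascade(msg: bytes, mix_keys: List[bytes]) -> bytes:
    """Client side: innermost layer for the OUT mix, outermost for the IN mix."""
    blob = pad(msg)
    for key in reversed(mix_keys):
        blob = encrypt_layer(key, blob)
    return blob


class Mix:
    """One cascade node: strips its own layer from every cell in a batch,
    then shuffles, so input position says nothing about output position."""

    def __init__(self, key: bytes):
        self.key = key
        self.rng = secrets.SystemRandom()

    def process_batch(self, batch: List[bytes]) -> List[bytes]:
        out = [decrypt_layer(self.key, cell) for cell in batch]
        self.rng.shuffle(out)
        return out


def run_cascade(batch: List[bytes], mixes: List[Mix]) -> List[bytes]:
    for mix in mixes:
        batch = mix.process_batch(batch)
    return [unpad(cell) for cell in batch]   # only the OUT mix sees plaintext


def demo():
    keys = [os.urandom(32) for _ in range(3)]            # IN, MIDDLE, OUT
    mixes = [Mix(k) for k in keys]
    users = [b"GET /a", b"GET /b", b"GET /c", b"GET /a"]  # constructed sample batch
    batch = [wrap_for_cascade(m, keys) for m in users]
    same_size = len({len(c) for c in batch}) == 1         # length leaks nothing
    try:
        decrypt_layer(keys[1], batch[0])                  # skipping the IN mix must fail
        wrong_order_rejected = False
    except ValueError:
        wrong_order_rejected = True
    return run_cascade(batch, mixes), same_size and wrong_order_rejected


if __name__ == "__main__":
    print(demo())
```

Each mix's output batch is a shuffled list of ciphertexts bearing no byte-level relation to its input batch, so an observer on both sides of one honest mix cannot pair them up; only the OUT mix sees plaintext, and it sees it without knowing which input cell it came from. Decrypting with the wrong mix's key fails the MAC instead of producing garbage, which is what lets a cascade reject a skipped or reordered mix rather than silently forwarding a broken cell.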

Moreover, the system provides so-called forwarding functionality. Users can connect to the service even if it is blocked by their provider, which is often the case in countries known for heavy censorship. Unblocked users of the service (forwarding servers) may voluntarily forward other JonDonauts (forwarding clients) to the mix cascades.